
IAM Policies:
IAM (Identity and Access Management) policies in AWS are defined using JSON format. These policies specify the actions
that users, groups, or roles are allowed or denied to perform on AWS resources. Let's examine an example policy that
grants read-only access to an S3 bucket.
Example Policy: Allowing S3 Read-Only Access
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ]
    }
  ]
}
Version: Defines the policy language version, e.g., "2012-10-17".
Statement: Contains one or more policy statements.
Effect: Specifies whether access is allowed or denied (e.g., "Allow").
Action: Lists the actions the statement allows or denies (e.g., "s3:GetObject" to download objects and "s3:ListBucket" to list the objects in a bucket).
Resource: Defines the AWS resources the actions apply to (e.g., "arn:aws:s3:::example-bucket" for the bucket
and "arn:aws:s3:::example-bucket/*" for its objects).
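
The following added example (not part of the original page) is a simplified Python evaluator showing how Effect, Action and Resource combine to decide a request against the policy above. It handles only those three fields with * and ? wildcards and ignores Condition, Principal, NotAction and NotResource; the function names and the sample request ARNs are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# The policy from this page, embedded so the example runs offline.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
    }],
}


def _as_list(value):
    """Statement, Action and Resource may each be one value or a list."""
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    # Action names are case-insensitive; ARNs are compared case-sensitively.
    # Simplification: fnmatch is used for the * and ? wildcards.
    action_hit = any(fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt.get("Action", [])))
    resource_hit = any(fnmatchcase(resource, r)
                       for r in _as_list(stmt.get("Resource", [])))
    return action_hit and resource_hit


def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    hits = [s["Effect"] for s in _as_list(policy["Statement"])
            if _matches(s, action, resource)]
    if "Deny" in hits:       # an explicit Deny always wins
        return "Deny"
    if "Allow" in hits:
        return "Allow"
    return "ImplicitDeny"    # nothing matched: denied by default


if __name__ == "__main__":
    bucket = "arn:aws:s3:::example-bucket"   # sample requests, constructed
    for act, res in [("s3:ListBucket", bucket),
                     ("s3:GetObject", bucket + "/reports/q1.csv"),
                     ("s3:PutObject", bucket + "/reports/q1.csv"),
                     ("s3:GetObject", "arn:aws:s3:::other-bucket/x")]:
        print(f"{act:14} {res:44} -> {evaluate(POLICY, act, res)}")
```

Write actions and requests against other buckets come back as ImplicitDeny because no statement matches them, which is what makes this policy read-only.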